From owner-freebsd-vuxml@FreeBSD.ORG Thu Oct 19 18:59:57 2006 Return-Path: X-Original-To: freebsd-vuxml@freebsd.org Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 094C716A403 for ; Thu, 19 Oct 2006 18:59:57 +0000 (UTC) (envelope-from fmysh@iijmio-mail.jp) Received: from xeon.quad.dyndns.org (228.142.138.210.bn.2iij.net [210.138.142.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 76B8443D92 for ; Thu, 19 Oct 2006 18:59:21 +0000 (GMT) (envelope-from fmysh@iijmio-mail.jp) Received: from localhost (localhost [127.0.0.1]) by xeon.quad.dyndns.org (Postfix) with ESMTP id CD91715344C; Fri, 20 Oct 2006 03:59:02 +0900 (JST) X-Virus-Scanned: amavisd-new at quad.dyndns.org Received: from xeon.quad.dyndns.org ([127.0.0.1]) by localhost (xeon.quad.dyndns.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Xorn-eN+6OaH; Fri, 20 Oct 2006 03:58:53 +0900 (JST) Received: from [IPv6:2001:240:66e::3] (mini.quad.dyndns.org [IPv6:2001:240:66e::3]) by xeon.quad.dyndns.org (Postfix) with ESMTP id DBC5A15344B; Fri, 20 Oct 2006 03:58:53 +0900 (JST) Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp> Content-Transfer-Encoding: 7bit From: TAOKA Fumiyoshi Date: Fri, 20 Oct 2006 03:58:36 +0900 To: freebsd-vuxml@freebsd.org X-Mailer: Apple Mail (2.752.2) Subject: zope -- restructuredText "csv_table" Information Disclosure X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2006 18:59:57 -0000 zope -- restructuredText "csv_table" Information Disclosure http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html It is said that affected packages are zope >= 0 in the VuXML entry. While referenced pages in the entry say that they are: Zope 2.7.0 - 2.7.9 Zope 2.8.0 - 2.8.8 http://www.securityfocus.com/bid/20022 http://www.vuxml.org/freebsd/CVE-2006-4684.html http://secunia.com/advisories/21947/ http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/ README.txt I hope this is useful. -- TAOKA Fumiyoshi From owner-freebsd-vuxml@FreeBSD.ORG Thu Oct 19 19:52:24 2006 Return-Path: X-Original-To: freebsd-vuxml@freebsd.org Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABE1A16A407 for ; Thu, 19 Oct 2006 19:52:24 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8383B43D67 for ; Thu, 19 Oct 2006 19:52:12 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so484338uge for ; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Vq2AEjS0W0UGu4XLO/Vc6lS0AWRqKqt/ZxUJ3JXx0Bzde7WTdAd2pgY2833BKaXJ9QIWx+udthE1UZ1sZI1K03yygPs4GSoQwHvFlMCAhLVNyMNCMp9gxdI4UhxFrj1gPm0S18kk9kWO61+5zCDZuxpKVD+kl/s4wtD0pRvAeVs= Received: by 10.78.200.3 with SMTP id x3mr478478huf; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) Received: by 10.78.167.16 with HTTP; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) Message-ID: Date: Thu, 19 Oct 2006 23:52:12 +0400 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "TAOKA Fumiyoshi" In-Reply-To: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp> X-Google-Sender-Auth: 9b4c4b040c9537df Cc: freebsd-vuxml@freebsd.org Subject: Re: zope -- restructuredText "csv_table" Information Disclosure X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2006 19:52:24 -0000 On 10/19/06, TAOKA Fumiyoshi wrote: > zope -- restructuredText "csv_table" Information Disclosure > http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html > > It is said that affected packages are zope >= 0 in the VuXML entry. > While referenced pages in the entry say that they are: > Zope 2.7.0 - 2.7.9 > Zope 2.8.0 - 2.8.8 > > http://www.securityfocus.com/bid/20022 > http://www.vuxml.org/freebsd/CVE-2006-4684.html > http://secunia.com/advisories/21947/ > http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/ > README.txt The vulnerability has been confirmed in these versions, but as far as we know there are no versions confirmed to be safe yet. To be on the safe side we never put an upper limit on version numbers until we know it for sure. Thanks!